Aurora, Iran, coincidence?

Feb. 13, 2011

With the current focus on Stuxnet and Iran, it is easy to forget about Aurora. Certainly most utilities have. There are several important issues with Aurora:
1. It does not use the Internet
2. It does not use Windows
3. Like Stuxnet, it is an engineering attack against a process
4. Unlike Stuxnet, we have proof it works

Why bring this up now? About three months ago, NERC issued a follow-up advisory on Aurora. The first NERC Aurora Advisory was issued three years ago, and it was effectively ignored. Other than utilities having to send NERC a written response, Aurora still seems to be ignored.

I spent several years at EPRI managing the nuclear and fossil plant equipment diagnostics programs to help utilities establish predictive monitoring programs. I was also managing the EPRI nuclear plant main coolant pump diagnostics program because several nuclear plants had their main coolant pump shafts crack without any consistent warning. While managing these programs, I developed an understanding of the vibration signatures affecting rotating equipment as well as the impacts of the vibration problems. So it was interesting to me when I was pointed to a website dealing with a major turbine failure in a fossil power plant in Iran. It was interesting to me because the turbine failure was caused by a coupling failure.  Coupling failures are extremely rare.  In fact, the only other coupling failure I am aware of leading to major damage was the Aurora test that destroyed the diesel generator at INL.

Coincidence?  Why aren’t the US electric utilities taking Aurora any more seriously than they are Stuxnet?

Joe Weiss